From 55e6ddf528028536b88b1397ef8297655782de69 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 15 Apr 2008 12:54:30 +0000 Subject: [PATCH 01/16] Fix for deleting email --- inc/functions.php | 6 +++- inc/language/de.php | 2 ++ inc/modules/admin/admin-inc.php | 2 +- inc/modules/admin/what-del_email.php | 53 +++++++++++++++++++++------- inc/mysql-manager.php | 43 ++++++++++++---------- 5 files changed, 72 insertions(+), 34 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 3cdabf7e3e..005fea7a72 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -786,7 +786,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { break; case "add-points": - $points = bigintval($_POST['points']); + if (isset($_POST['points'])) { + $points = bigintval($_POST['points']); + } else { + $points = __POINTS_VALUE; + } break; case "guest_request_confirm": diff --git a/inc/language/de.php b/inc/language/de.php index fc034cec84..ff35894d31 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1102,6 +1102,8 @@ define('ADMIN_OPTION_SHOW_TIMINGS', "Skript-Statistiken im Seitenfuss einblenden define('ADMIN_OPTION_MAILID_REDIRECT', "Soll bei fehlerhafter/gelöschter Mailbuchung beim Bestätigen die Mail auf die Hauptseite oder Ablehnungsseite weitergleitet werden?"); define('ADMIN_CONFIG_MAILID_REDIRECT_INDEX', "Auf Hauptseite weiterleiten."); define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten."); +define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)"); +define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System"); // ?> diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 6aba44b398..f9f775a003 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -221,7 +221,7 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) // function ADMIN_DO_ACTION($wht) { - global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $link, $DATA; + global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $link, $DATA, $DEPTH; //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*
\n"; if (EXT_IS_ACTIVE("cache")) { diff --git a/inc/modules/admin/what-del_email.php b/inc/modules/admin/what-del_email.php index 751ad7407e..3401751e7d 100644 --- a/inc/modules/admin/what-del_email.php +++ b/inc/modules/admin/what-del_email.php @@ -45,13 +45,18 @@ ADD_DESCR("admin", basename(__FILE__)); if (!empty($_GET['mid'])) { // Load email data - $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", array(bigintval($_GET['mid'])), __FILE__, __LINE__); - list ($id, $sender, $subject, $url, $timestamp,) = SQL_FETCHROW($result); - SQL_FREERESULT($result); // Delete mail only once - if ($sender > 0) { + if (SQL_NUMROWS($result) == 1) { + // Load data + list ($id, $sender, $subject, $url, $timestamp, $payId) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + + // Get points we shall pay back per mail + $price = GET_PAY_POINTS($payId, "price"); + // Prepare data for the template define('__ID' , $id); define('__SENDER' , ADMIN_USER_PROFILE_LINK($sender)); @@ -70,25 +75,45 @@ if (!empty($_GET['mid'])) { SEND_EMAIL($sender, MEMBER_ORDER_DELETED, $msg_user); // Delete mail from queue - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", - array(bigintval($_GET['mid'])), __FILE__, __LINE__); + //$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + // array(bigintval($_GET['mid'])), __FILE__, __LINE__); // Fetch right stats_id from pool $result = SQL_QUERY_ESC("SELECT s.id FROM "._MYSQL_PREFIX."_user_stats AS s LEFT JOIN "._MYSQL_PREFIX."_pool AS p -ON s.pool_id=%d LIMIT 1", +ON s.pool_id=p.id +WHERE s.pool_id=%d LIMIT 1", array(bigintval($_GET['mid'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Fetch stats id list($stats_id) = SQL_FETCHROW($result); SQL_FREERESULT($result); + // Get all user links + $result = SQL_QUERY_ESC("SELECT COUNT(id) AS 'cnt' FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", + array(bigintval($stats_id)), __FILE__, __LINE__); + + // Get unconfirmed links for calculation of total points + list($links) = SQL_FETCHROW($result); + + // Free result + SQL_FREERESULT($result); + + // Calc total points and pay them back + $totalPoints = $links * $price; + //* DEBUG: */ echo $stats_id.":".$totalPoints."/".$links."/".$price."
\n"; + if ($totalPoints > 0) { + // Pay back points + //* DEBUG: */ echo "PAYBACK:".$sender."
\n"; + ADD_POINTS_REFSYSTEM($sender, $totalPoints, true, "0", false,"direct"); + } + // Remove links from DB - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", - array(bigintval($stats_id)), __FILE__, __LINE__); + //$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", + // array(bigintval($stats_id)), __FILE__, __LINE__); // Output link for manually removing stats entry - LOAD_TEMPLATE("admin_settings_saved", false, "".ADMIN_REMOVE_STATS_ENTRY.""); + LOAD_TEMPLATE("admin_settings_saved", false, "".ADMIN_REMOVE_STATS_ENTRY.""); } } else { // Mail already deleted! @@ -103,11 +128,13 @@ ON s.pool_id=%d LIMIT 1", // Load data from bonus mail $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%d", array(bigintval($_GET['bid'])), __FILE__, __LINE__); - list ($id, $subject, $url, $timestamp) = SQL_FETCHROW($result); - SQL_FREERESULT($result); // Delete mail only once - if ($id > 0) { + if (SQL_NUMROWS($result) == 1) { + // Load data + list ($id, $subject, $url, $timestamp) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + // Delete bonus mail entirely from database $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1", array(bigintval($_GET['bid'])), __FILE__, __LINE__); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 46154a4108..5cc8edd646 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -270,6 +270,7 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) { //* DEBUG: */ echo __LINE__."+".$type."+
\n"; $OUT .= "
\n"; + $DEPTH="0"; } } } @@ -1035,21 +1036,17 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock global $DEPTH, $_CONFIG, $DATA, $link; // When $uid = 0 add points to jackpot - if ($uid == "0") - { + if ($uid == "0") { // Add points to jackpot ADD_JACKPOT($points); return; } // Count up referral depth - if (empty($DEPTH)) - { + if (empty($DEPTH)) { // Initialialize referral system $DEPTH = "0"; - } - else - { + } else { // Increase referral level $DEPTH++; } @@ -1059,49 +1056,57 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock $result_user = SQL_QUERY_ESC("SELECT refid, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); - if (SQL_NUMROWS($result_user) == 1) - { + //* DEBUG */ echo "+".SQL_NUMROWS($result_user).":".$points."+
\n"; + if (SQL_NUMROWS($result_user) == 1) { // This is the user and his ref list ($ref, $email) = SQL_FETCHROW($result_user); SQL_FREERESULT($result_user); + $result = SQL_QUERY_ESC("SELECT percents FROM "._MYSQL_PREFIX."_refdepths WHERE level='%s' LIMIT 1", array(bigintval($DEPTH)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + //* DEBUG */ echo "DEPTH:".$DEPTH."
\n"; + if (SQL_NUMROWS($result) == 1) { list($per) = SQL_FETCHROW($result); SQL_FREERESULT($result); $P = $points * $per / 100; + //* DEBUG */ echo "ADD:".$P."
\n"; // Update points... $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1", array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) - { + if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0) { // First ref in this level! :-) $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)", array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__); } // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { // Update database MEDIA_UPDATE_ENTRY(array("total_points"), "add", $P); } // Points updated, maybe I shall send him an email? - if (($send_notify) && ($ref > 0) && (!$locked)) - { + if (($send_notify) && ($ref > 0) && (!$locked)) { // 0 1 2 3 $DATA = array($per, bigintval($DEPTH), $P, bigintval($ref)); $msg = LOAD_EMAIL_TEMPLATE("confirm-referral", "", bigintval($uid)); SEND_EMAIL($email, THANX_REFERRAL_ONE, $msg); + } elseif (($send_notify) && ($ref == 0) && (!$locked) && ($add_mode == "direct") && (!defined('__POINTS_VALUE'))) { + // Direct payment shall be notified about + define('__POINTS_VALUE', $P); + + // Load message + $msg = LOAD_EMAIL_TEMPLATE("add-points", REASON_DIRECT_PAYMENT, $uid); + + // And sent it away + SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg); + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED); } // Maybe there's another ref? - if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) - { + if (($ref > 0) && ($points > 0) && ($ref != $uid) && ($add_mode == "ref")) { // Then let's credit him here... ADD_POINTS_REFSYSTEM($ref, $points, $send_notify, $ref, $locked); } -- 2.39.2 From fb73ea9bcaba7cb130e482a51cf205233487d40b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 15 Apr 2008 12:55:46 +0000 Subject: [PATCH 02/16] Comments removed --- inc/modules/admin/what-del_email.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/inc/modules/admin/what-del_email.php b/inc/modules/admin/what-del_email.php index 3401751e7d..c8ba9bb594 100644 --- a/inc/modules/admin/what-del_email.php +++ b/inc/modules/admin/what-del_email.php @@ -75,8 +75,8 @@ if (!empty($_GET['mid'])) { SEND_EMAIL($sender, MEMBER_ORDER_DELETED, $msg_user); // Delete mail from queue - //$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", - // array(bigintval($_GET['mid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", + array(bigintval($_GET['mid'])), __FILE__, __LINE__); // Fetch right stats_id from pool $result = SQL_QUERY_ESC("SELECT s.id FROM "._MYSQL_PREFIX."_user_stats AS s @@ -109,8 +109,8 @@ WHERE s.pool_id=%d LIMIT 1", } // Remove links from DB - //$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", - // array(bigintval($stats_id)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_links WHERE stats_id=%d", + array(bigintval($stats_id)), __FILE__, __LINE__); // Output link for manually removing stats entry LOAD_TEMPLATE("admin_settings_saved", false, "".ADMIN_REMOVE_STATS_ENTRY.""); -- 2.39.2 From 180646e7ce31e2772267540bb813f4798fc88c06 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 18 Apr 2008 11:21:27 +0000 Subject: [PATCH 03/16] Fix for registration --- inc/modules/guest/what-register.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index 2ec132d5f9..59ffc72e76 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php @@ -325,7 +325,7 @@ array( break; default: - $DATA['birthday'] = bigintval($_POST['month']."/".bigintval($_POST['day'])."/".bigintval($_POST['year']); + $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']); break; } -- 2.39.2 From 3b95154ce2a1a5609a08bf665ee315098c8874e0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 18 Apr 2008 15:16:46 +0000 Subject: [PATCH 04/16] Fix for browser title --- inc/mysql-manager.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 5cc8edd646..e4bcad187c 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -39,12 +39,12 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // -function ADD_MODULE_TITLE($mod) -{ +function ADD_MODULE_TITLE($mod) { global $cacheArray, $_CONFIG; $name = ""; $result = false; - // Load title - if (!isBooleanConstantAndTrue('mxchange_installed')) { + + // Is the script installed? + if (isBooleanConstantAndTrue('mxchange_installed')) { if ((GET_EXT_VERSION("cache") >= "0.1.2") && (isset($cacheArray['modules']['module'])) && (is_array($cacheArray['modules']['module'])) && (isset($cacheArray['modules']['module'][$mod]))) { // Load from cache $name = $cacheArray['modules']['title'][$mod]; -- 2.39.2 From 898d17a09c66527b1e5d45149e23b88d42487c35 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 6 May 2008 09:40:47 +0000 Subject: [PATCH 05/16] Birthday link fixed --- birthday_confirm.php | 15 ++++++--------- inc/functions.php | 10 ++++++++-- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/birthday_confirm.php b/birthday_confirm.php index 8dd674554a..3dd8dedf4b 100644 --- a/birthday_confirm.php +++ b/birthday_confirm.php @@ -50,23 +50,20 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install $uid = strip_tags(bigintval($_GET['uid'])); // Only allow numbers here... - $chk = strip_tags(bigintval($_GET['check'])); - - // .. only first 32 numbers - $chk = substr($chk, 0, 32); + $chk = strip_tags(bigintval($_GET['check'], false)); // Check if link is not clicked so far $result = SQL_QUERY_ESC("SELECT DISTINCT b.points, d.sex, d.surname, d.family, d.status FROM "._MYSQL_PREFIX."_user_birthday AS b LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON b.userid=d.userid -WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1", +WHERE b.userid=%d AND b.chk_value=%d LIMIT 1", array($uid, $chk), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Ok, congratulation again! Here's your gift from us... - list($GIFT, $salut, $sname, $fname, $status) = SQL_FETCHROW($result); + list($gift, $salut, $sname, $fname, $status) = SQL_FETCHROW($result); if ($status == "CONFIRMED") { // Set mode depending on how many mails the member has to confirm @@ -75,7 +72,7 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1", // Add points to account $DEPTH = 0; - ADD_POINTS_REFSYSTEM($uid, $GIFT, false, "0", $locked, strtolower($_CONFIG['birthday_mode'])); + ADD_POINTS_REFSYSTEM($uid, $gift, false, "0", $locked, strtolower($_CONFIG['birthday_mode'])); // Remove entry from table $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d LIMIT 1", @@ -85,14 +82,14 @@ WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1", if (GET_EXT_VERSION("mediadata") >= "0.0.4") { // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "add", $GIFT); + MEDIA_UPDATE_ENTRY(array("total_points"), "add", $gift); } // Transfer data to constants for the template define('__SALUT', TRANSLATE_SEX($salut)); define('__SNAME', $sname); define('__FNAME', $fname); - define('__GIFT' , $GIFT); + define('__GIFT' , $gift); // Load message from template define('__MSG', LOAD_TEMPLATE("birthday_msg", true)); diff --git a/inc/functions.php b/inc/functions.php index 005fea7a72..e24be85a2d 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1216,9 +1216,15 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") return $return; } // Does only allow numbers -function bigintval($num) +function bigintval($num, $castValue = true) { - $ret = (int) preg_replace("/[^0123456789]/", "", $num); + // Filter all numbers out + $ret = preg_replace("/[^0123456789]/", "", $num); + + // Cast the value? + if ($castValue) $ret = (int) $ret; + + // Return result return $ret; } // Insert the code in $img_code into jpeg or PNG image -- 2.39.2 From f75775e78818717e3e52d15b166ba5d25ec97f68 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 6 May 2008 09:43:40 +0000 Subject: [PATCH 06/16] HTML entity fixed --- inc/extensions/ext-birthday.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/extensions/ext-birthday.php b/inc/extensions/ext-birthday.php index f1384dfc76..418d0b33cf 100644 --- a/inc/extensions/ext-birthday.php +++ b/inc/extensions/ext-birthday.php @@ -77,7 +77,7 @@ case "update": // Update an extension { case "0.1": // SQL queries for v0.1 // Update notes (these will be set as task text!) - $UPDATE_NOTES = "Wenn t&auiml;glicher Reset war, wird eine benötigte Include-Datei nicht mehr von daily-reset.php eingebunden, sondern von der Erweiterungsdatei selber."; + $UPDATE_NOTES = "Wenn täglicher Reset war, wird eine benötigte Include-Datei nicht mehr von daily-reset.php eingebunden, sondern von der Erweiterungsdatei selber."; break; case "0.2": // SQL queries for v0.2 -- 2.39.2 From 0e500eb441c95d3128835dfabab1de1f528caed2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 6 May 2008 10:17:15 +0000 Subject: [PATCH 07/16] Birthday link fixed --- birthday_confirm.php | 61 ++++++++++++++++++++----------------------- inc/db/lib-mysql3.php | 4 +-- 2 files changed, 30 insertions(+), 35 deletions(-) diff --git a/birthday_confirm.php b/birthday_confirm.php index 3dd8dedf4b..1eb3f2c7a4 100644 --- a/birthday_confirm.php +++ b/birthday_confirm.php @@ -44,64 +44,61 @@ $GLOBALS['module'] = "birthday_confirm"; $CSS = -1; // Load the required file(s) require ("inc/config.php"); -if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) -{ +// Is the script installed? +if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed'))) { // Script is installed so let's check for his confirmation link... - $uid = strip_tags(bigintval($_GET['uid'])); + $uid = bigintval($_GET['uid']); // Only allow numbers here... - $chk = strip_tags(bigintval($_GET['check'], false)); + $chk = bigintval($_GET['check'], false); // Check if link is not clicked so far - $result = SQL_QUERY_ESC("SELECT DISTINCT b.points, d.sex, d.surname, d.family, d.status + $result = SQL_QUERY_ESC("SELECT b.points, d.sex, d.surname, d.family, d.status, d.ref_payout FROM "._MYSQL_PREFIX."_user_birthday AS b -LEFT JOIN "._MYSQL_PREFIX."_user_data AS d +INNER JOIN "._MYSQL_PREFIX."_user_data AS d ON b.userid=d.userid -WHERE b.userid=%d AND b.chk_value=%d LIMIT 1", +WHERE b.userid=%d AND b.chk_value='%s' LIMIT 1", array($uid, $chk), __FILE__, __LINE__); + //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")
\n"; - if (SQL_NUMROWS($result) == 1) - { + // Is an entry there? + if (SQL_NUMROWS($result) == 1) { // Ok, congratulation again! Here's your gift from us... - list($gift, $salut, $sname, $fname, $status) = SQL_FETCHROW($result); - if ($status == "CONFIRMED") - { + $data = SQL_FETCHARRAY($result, false); + + // Is the account confirmed? + if ($data['status'] == "CONFIRMED") { // Set mode depending on how many mails the member has to confirm $locked = false; - if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == 'N')) $locked = true; + if (($data['ref_payout'] > 0) && ($_CONFIG['allow_direct_pay'] == 'N')) $locked = true; // Add points to account $DEPTH = 0; - ADD_POINTS_REFSYSTEM($uid, $gift, false, "0", $locked, strtolower($_CONFIG['birthday_mode'])); + ADD_POINTS_REFSYSTEM($uid, $data['points'], false, "0", $locked, strtolower($_CONFIG['birthday_mode'])); // Remove entry from table - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d LIMIT 1", - array($uid), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_birthday WHERE userid=%d AND chk_value='%s' LIMIT 1", + array($uid, $chk), __FILE__, __LINE__); // Update mediadata if version is 0.0.4 or newer - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "add", $gift); + MEDIA_UPDATE_ENTRY(array("total_points"), "add", $data['points']); } // Transfer data to constants for the template - define('__SALUT', TRANSLATE_SEX($salut)); - define('__SNAME', $sname); - define('__FNAME', $fname); - define('__GIFT' , $gift); + define('__SALUT', TRANSLATE_SEX($data['sex'])); + define('__SNAME', $data['surname']); + define('__FNAME', $data['family']); + define('__GIFT' , $data['points']); // Load message from template define('__MSG', LOAD_TEMPLATE("birthday_msg", true)); - } - else - { + } else { // Unconfirmed / locked accounts cannot get points - define('__MSG', BIRTHDAY_CANNOT_STATUS_1.TRANSLATE_STATUS($status).BIRTHDAY_CANNOT_STATUS_2); + define('__MSG', BIRTHDAY_CANNOT_STATUS_1.TRANSLATE_STATUS($data['status']).BIRTHDAY_CANNOT_STATUS_2); } - } - else - { + } else { // Cannot load data! define('__MSG', BIRTHDAY_CANNOT_LOAD_DATA); } @@ -126,9 +123,7 @@ WHERE b.userid=%d AND b.chk_value=%d LIMIT 1", // Include footer include(PATH."inc/footer.php"); -} - else -{ +} else { // You have to configure first! LOAD_URL("install.php"); } diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index 5e38261c4b..f9f1e74d02 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -152,10 +152,10 @@ function SQL_CONNECT($host, $login, $password, $F, $L) { return $connect; } // SQL select database -function SQL_SELECT_DB($DB, $link, $F, $L) { +function SQL_SELECT_DB($dbName, $link, $F, $L) { $select = false; if (is_resource($link)) { - $select = @mysql_select_db($DB, $link) or ADD_FATAL($F." (".$L."):".mysql_error()); + $select = @mysql_select_db($dbName, $link) or ADD_FATAL($F." (".$L."):".mysql_error()); } return $select; } -- 2.39.2 From ca373c1ed0ab946bbf39bda275ed83214d6a3fed Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 6 May 2008 12:23:42 +0000 Subject: [PATCH 08/16] Installer now writes config.php correctly --- inc/install-inc.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/inc/install-inc.php b/inc/install-inc.php index 9bdd5f39f0..850d6fae7e 100644 --- a/inc/install-inc.php +++ b/inc/install-inc.php @@ -47,6 +47,7 @@ function install_WriteData ($file, $comment, $prefix, $suffix, $DATA, $sneak=0) $done = false; $next = 0; $sneak++; + if ((file_exists($file)) && (is_readable($file))) { $search = "CFG: ".$comment; $tmp = $file.".tmp"; @@ -56,15 +57,22 @@ function install_WriteData ($file, $comment, $prefix, $suffix, $DATA, $sneak=0) if (is_resource($fp_tmp)) { while (!feof($fp)) { $line = fgets ($fp, 10240); - if (strpos($line, $search) > -1) $next = 0; + //* DEBUG: */ echo $search."/".htmlentities($line)."
\n"; + $found = strpos($line, $search); + //* DEBUG: */ echo "FOUND: "; + var_dump($found); + //* DEBUG: */ echo "
\n"; + if ($found !== false) $next = 0; if ($next > -1) { if ($next == $sneak) { $next = -1; $line = $prefix.$DATA.$suffix."\n"; + //* DEBUG: */ echo "NEW: ".htmlentities($line)."
\n"; } else { $next++; } } + //* DEBUG: */ echo "WRITE: ".htmlentities($line)."
\n"; fputs($fp_tmp, $line); } fclose($fp_tmp); @@ -390,6 +398,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT install_WriteData($_POST['spath']."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0); install_WriteData($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0); install_WriteData($_POST['spath']."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0); + die(); // Close the link SQL_CLOSE($link, __FILE__, __LINE__); -- 2.39.2 From 238d39b877a9c427d04614d628f443c1f64925fd Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 6 May 2008 12:27:00 +0000 Subject: [PATCH 09/16] Now fixed... *sigh* --- inc/install-inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/install-inc.php b/inc/install-inc.php index 850d6fae7e..eb35e24475 100644 --- a/inc/install-inc.php +++ b/inc/install-inc.php @@ -45,7 +45,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { function install_WriteData ($file, $comment, $prefix, $suffix, $DATA, $sneak=0) { // Initialize all and count up the "seak" value $done = false; - $next = 0; + $next = -1; $sneak++; if ((file_exists($file)) && (is_readable($file))) { @@ -60,7 +60,7 @@ function install_WriteData ($file, $comment, $prefix, $suffix, $DATA, $sneak=0) //* DEBUG: */ echo $search."/".htmlentities($line)."
\n"; $found = strpos($line, $search); //* DEBUG: */ echo "FOUND: "; - var_dump($found); + //* DEBUG: */ var_dump($found); //* DEBUG: */ echo "
\n"; if ($found !== false) $next = 0; if ($next > -1) { -- 2.39.2 From 8eb210b89c951f3278331087d6ad20b0d0833db7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 6 May 2008 12:27:31 +0000 Subject: [PATCH 10/16] die() removed --- inc/install-inc.php | 1 - 1 file changed, 1 deletion(-) diff --git a/inc/install-inc.php b/inc/install-inc.php index eb35e24475..5f9fede1c2 100644 --- a/inc/install-inc.php +++ b/inc/install-inc.php @@ -398,7 +398,6 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT install_WriteData($_POST['spath']."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0); install_WriteData($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0); install_WriteData($_POST['spath']."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0); - die(); // Close the link SQL_CLOSE($link, __FILE__, __LINE__); -- 2.39.2 From dff82554761a7fe1a34d3ce2d4922b4b1f3cd6b9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Thu, 15 May 2008 19:31:44 +0000 Subject: [PATCH 11/16] Typo fixed --- inc/language/install_de.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/language/install_de.php b/inc/language/install_de.php index 64ced8fdc7..c9dd1e2820 100644 --- a/inc/language/install_de.php +++ b/inc/language/install_de.php @@ -43,7 +43,7 @@ define('MT_WORD', "Mailtausch"); define('MT_WORD2', "Mailtausches"); define('INSTALLATION_OF_MXCHANGE', "Installation von MXChange-".MT_WORD."-Script"); define('INSTALL_MISSING_DUMPS', "Die SQL-Dumps wurden nicht gefunden! Diese sollten auch mit hochgeladen werden und lesbar sein (CHMOD 644)."); -define('INSTALL_ENABLE_BACKLINK', "Backlink (=Rückverlinkung zu mxchange.org setzen?) rel="external" ist gsetzt. Bitte nicht den Backlink einbauen, und nofollow verwenden! Das schadet allen."); +define('INSTALL_ENABLE_BACKLINK', "Backlink (=Rückverlinkung zu mxchange.org setzen?) rel="external" ist gesetzt. Bitte nicht den Backlink einbauen, und nofollow verwenden! Das schadet allen."); define('WRONG_PAGE', "Sie oder dieses Script haben eine falsche Seite ausgewählt!"); define('WELCOME_TEXT', "Willkommen zum Installationsscript von MXChange-{!MT_WORD!}, dem kostenlosen {!MT_WORD!} Powered by MyAutoInstaller-Community!"); define('INTRO_TEXT', "Dieses Script wird den {!MT_WORD!} für Sie soweit installieren, die Datenbank einrichten und vorkonfigurieren.
Sie werden während der Installation Schritt-Für-Schritt durch die Installation gebracht! Bitte halten Sie die MySQL-Daten, sowie den absoluten Server-Pfad bereit!
Nach erfolgreicher Installation sollten Sie als nächstes das erste Administrator-Login einrichten. Anschliessend können Sie sich einloggen und weitere Einstellungen verfeinern.
Wir empfehlen dann alle Installationsdateien von Ihrem Server zu löschen."); -- 2.39.2 From 3aeddfb08e3fa6c1bfbd54084523eaa3e06175ba Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Thu, 15 May 2008 20:01:11 +0000 Subject: [PATCH 12/16] Install fix --- inc/modules/admin.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/inc/modules/admin.php b/inc/modules/admin.php index c364ae283a..c0e1fdf48a 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -56,11 +56,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Admin is not registered so we have to inform the user if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { - // Hash the password with our new generateHash() function - $hashedPass = generateHash($_POST['pass']); - - // If the password has not been hashed we have to fall-back to md5() - if ($hashedPass == $_POST['pass']) $hashedPass = md5($hashedPass); + // Hash the password with the old function because we are here in install mode + $hashedPass = md5($hashedPass); // Do registration $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); -- 2.39.2 From dbef43c3a859518367f9ee0dde8e895ec677af23 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 16 May 2008 21:14:01 +0000 Subject: [PATCH 13/16] More fixes for admin password hashing --- inc/db/lib-mysql3.php | 7 +- inc/functions.php | 7 +- inc/language/de.php | 1 + inc/modules/admin.php | 21 +++-- inc/modules/admin/admin-inc.php | 129 +++++++++++++------------- inc/modules/admin/what-extensions.php | 8 +- inc/mysql-connect.php | 20 ++-- inc/mysql-manager.php | 49 ++++++---- 8 files changed, 142 insertions(+), 100 deletions(-) diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index f9f1e74d02..6bb648c436 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -84,10 +84,13 @@ function SQL_QUERY($sql_string, $F, $L) { // SQL num rows function SQL_NUMROWS($result) { - if ($result != false) { + // Is the result a valid resource? + if (is_resource($result)) { + // Get the count of rows from database $lines = @mysql_num_rows($result); - if (empty($lines)) $lines = "0"; + // Is the result empty? Then we have an error! + if (empty($lines)) $lines = "0"; } else { // No resource given, no lines found! $lines = "0"; diff --git a/inc/functions.php b/inc/functions.php index e24be85a2d..bfa97b999a 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1805,7 +1805,7 @@ function CREATE_EMAIL_LINK($email, $table="admins") { return $EMAIL; } // Generate a hash for extra-security for all passwords -function generateHash($plainText, $salt = "") { +function generateHash ($plainText, $salt = "") { global $_CONFIG, $_SERVER; // Is the required extension "sql_patches" there? @@ -1997,6 +1997,11 @@ function generatePassString($passHash) { //* DEBUG: */ die($passHash."
".$newHash." (".strlen($newHash).")"); $ret = generateHash($newHash, $_CONFIG['master_salt']); + } else { + // Hash it simple + //* DEBUG: */ echo "--".$passHash."--
\n"; + $ret = md5($passHash); + //* DEBUG: */ echo "++".$ret."++
\n"; } // Return result diff --git a/inc/language/de.php b/inc/language/de.php index ff35894d31..29d0037634 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1104,6 +1104,7 @@ define('ADMIN_CONFIG_MAILID_REDIRECT_INDEX', "Auf Hauptseite weiterleiten."); define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten."); define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)"); define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System"); +define('ADMIN_LOGOUT_SQL_PATCHES_DONE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterung sql_patches installiert haben und dabei das Passort-Hashing geändert/verbessert wurde. Bitte erneut einloggen!"); // ?> diff --git a/inc/modules/admin.php b/inc/modules/admin.php index c0e1fdf48a..a8d2d13419 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -49,15 +49,12 @@ require_once(PATH."inc/modules/admin/admin-inc.php"); // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!) FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')); -// Is the logout empty? -if (empty($_GET['logout'])) $_GET['logout'] = ""; - if (!isBooleanConstantAndTrue('admin_registered')) { // Admin is not registered so we have to inform the user if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5($hashedPass); + $hashedPass = md5($_POST['pass']); // Do registration $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); @@ -86,6 +83,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Any other kind $ret = "done"; } + if (!isBooleanConstantAndTrue('admin_registered')) { // Write to config that registration is done admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); @@ -97,6 +95,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) { break; } } + + // Whas that action okay? if ($ret != "done") { // Fixes another "Notice" if (!empty($_POST['login'])) { @@ -250,7 +250,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load login form template LOAD_TEMPLATE("admin_login_form", false, $content); } -} elseif ($_GET['logout'] == "1") { +} elseif (isset($_GET['logout'])) { // Only try to remove cookies if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) { // Also remove array elements @@ -263,7 +263,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) { @session_destroy(); // Load logout template - LOAD_TEMPLATE("admin_logout"); + if (isset($_GET['sql_patches'])) { + // Special logout redirect for sql_patchrs + LOAD_TEMPLATE("admin_logout_sql_patches"); + } else { + // Logged out normally + LOAD_TEMPLATE("admin_logout"); + } } else { // Something went wrong here... OUTPUT_HTML("".ADMIN_LOGOUT_FAILED.""); @@ -274,7 +280,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) { } else { // Maybe an Admin want's to login? $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5'))); - switch ($ret) { + switch ($ret) + { case "done": // Cookie-Data accepted if ((set_session("admin_md5", SQL_ESCAPE(get_session('admin_md5')))) && (set_session("admin_login", SQL_ESCAPE(get_session('admin_login')))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) { diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index f9f775a003..8f4623b052 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -39,20 +39,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // -function REGISTER_ADMIN ($user, $md5) +function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) { $ret = "failed"; $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($user), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) - { + if (SQL_NUMROWS($result) == 0) { // Ok, let's create the admin login - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')", - array($user, $md5), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')", + array($user, $md5, $email), __FILE__, __LINE__); $ret = "done"; - } - else - { + } else { // Free memory SQL_FREERESULT($result); @@ -66,35 +63,30 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) { global $cacheArray, $_CONFIG, $cacheInstance; $ret = "404"; $pass = ""; - if (!empty($cacheArray['admins']['aid'][$admin_login])) - { + if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache $pass = $cacheArray['admins']['password'][$admin_login]; $ret = "pass"; $_CONFIG['cache_hits']++; - } - else - { + } else { // Get password from DB $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { $ret = "pass"; list($pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); } } - //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."
"; - if ((strlen($pass) == 32) && ($pass == md5($password))) - { + //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."
"; + if ((strlen($pass) == 32) && ($pass == md5($password))) { // Generate new hash $pass = generateHash($password); - if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done"; - } - elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) - { + + // Is the sql_patches not installed, than we cannot have a valid hashed password here! + if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done"; + } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { // Old hashing way return $ret; } @@ -104,28 +96,25 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) $salt = __SALT; // Check if password is same - if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) - { + if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) { // Update password $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", array($pass, $admin_login), __FILE__, __LINE__); // Shall I remove the cache file? - if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) - { + if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) { if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy(); } // Password matches! $ret = "done"; - } - elseif ((empty($salt)) && ($ret == "pass")) - { + } elseif ((empty($salt)) && ($ret == "pass")) { // Something bad went wrong $ret = "failed"; } return $ret; } + // Only be executed on cookie checking function CHECK_ADMIN_COOKIES ($admin_login, $password) { global $cacheArray, $_CONFIG; @@ -140,16 +129,21 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { + // Entry found $ret = "pass"; + + // Fetch password list($pass) = SQL_FETCHROW($result); - SQL_FREERESULT($result); } + + // Free result + SQL_FREERESULT($result); } - //* DEBUG: */ echo "*".$pass."/".$password."
"; + //* DEBUG: */ echo __FUNCTION__.":".$pass."/".$password."
"; // Check if password matches - if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) { + if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { // Passwords matches! $ret = "done"; } @@ -158,66 +152,75 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { return $ret; } // -function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) -{ - $done = false; $seek++; $found = false; - if (file_exists($file)) - { +function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) { + // Initialize some variables + $done = false; + $seek++; + $found = false; + + // Is the file there and read-/write-able? + if ((file_exists($file)) && (is_readable($file)) && (is_writeable($file))) { $search = "CFG: ".$comment; $tmp = $file.".tmp"; - $fp = fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); - if ($fp) - { - $fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); - if ($fp_tmp) - { - while (! feof($fp)) - { + + // Open the source file + $fp = @fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); + + // Is the resource valid? + if (is_resource($fp)) { + // Open temporary file + $fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); + + // Is the resource again valid? + if (is_resource($fp_tmp)) { + while (!feof($fp)) { + // Read from source file $line = fgets ($fp, 1024); + if (strpos($line, $search) > -1) { $next = 0; $found = true; } - if ($next > -1) - { - if ($next == $seek) - { + + if ($next > -1) { + if ($next == $seek) { $next = -1; $line = $prefix . $DATA . $suffix."\n"; - } - else - { + } else { $next++; } } + + // Write to temp file fputs($fp_tmp, $line); } + + // Close temp file fclose($fp_tmp); + // Finished writing tmp file $done = true; } + + // Close source file fclose($fp); - if (($done) && ($found)) - { + + if (($done) && ($found)) { // Copy back tmp file and delete tmp :-) @copy($tmp, $file); @unlink($tmp); define('_FATAL', false); - } - elseif (!$found) - { + } elseif (!$found) { OUTPUT_HTML("CHANGE: 404!"); define('_FATAL', true); - } - else - { + } else { OUTPUT_HTML("TMP: UNDONE!"); define('_FATAL', true); } } - } - else - { + } else { + // File not found, not readable or writeable OUTPUT_HTML("404: ".$file."
"); } } + // function ADMIN_DO_ACTION($wht) { diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index fb0f2f2c26..ce97012cdd 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -304,7 +304,13 @@ case "register": // Register new extension // ... so we can finally register and load it in registration mode $status = EXTENSION_REGISTER($ext_name, $id); - if ($status) { + if ($status == true) { + // Is this sql_patches? Then we need to auto-logout! + if ($ext_name == "sql_patches") { + // Auto-logout here + LOAD_URL("admin.php?module=admin&logout=1&sql_patches=1"); + } + // Extension was found and successfully registered LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_EXTENSION_REGISTERED); diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index e01516610f..813bcb6762 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -32,8 +32,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -65,7 +64,6 @@ if ((empty($MySQL['login'])) && (!isBooleanConstantAndTrue('mxchange_installing' echo "".LANG_WARNING.": ".WARN_NULL_PASSWORD; } - // Init configuration arrays $_CONFIG = array( 'code_length' => 0 @@ -97,6 +95,9 @@ if ((!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndT // Is it a valid resource? if ($db === true) { + // Load more include files + require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database + // Load configuration stuff $result = SQL_QUERY("SELECT pass_len, points_register, points_ref, least_cats, check_double_email, check_double_pass, admin_notify, url_tlock, test_text, max_tlength, test_subj, autosend_active, max_send, url_blacklist, auto_purge, auto_purge_active, last_update, unconfirmed, profile_lock, online_timeout, mad_timestamp, mad_count, profile_update, send_prof_update, resend_profile_update, code_length, patch_level, patch_ctime, guest_stats, ref_payout, activate_xchange, order_multi_page, display_refid, ip_timeout, allow_direct_pay, config FROM "._MYSQL_PREFIX."_config @@ -105,7 +106,7 @@ LIMIT 1", __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load data when previous SQL query did not fail - if (!$result) { + if (!is_resource($result)) { // Something went wrong ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG); return; @@ -117,9 +118,6 @@ LIMIT 1", __FILE__, __LINE__); // Initialize include-file-pool $INC_POOL = array(); - // Load more include files - require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database - // Run daily reset if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) { // Do daily things in external PHP file but only when script is completely setup @@ -133,7 +131,7 @@ LIMIT 1", __FILE__, __LINE__); require_once(PATH."inc/load_extensions.php"); // Loading patching system is required here... - require_once(PATH."inc/patch-system.php"); // Initialize patch system + require_once(PATH."inc/patch-system.php"); // Initialize patch system // Functions which are related to themes require_once(PATH."inc/theme-manager.php"); @@ -191,12 +189,18 @@ LIMIT 1", __FILE__, __LINE__); $dummy = CHECK_MODULE($GLOBALS['module']); if ($dummy == "done") COUNT_MODULE($GLOBALS['module']); unset($dummy); + + // Shall we activate the exchange? if ($_CONFIG['activate_xchange'] > 0) activateExchange(); } else { // If you will read following error message you probably need to contact me (webmaster@mxchange.org) // and download the sql-upgrades extension from my server. Please ask me which SQL file(s) you need to // import *BEFORE* you import them! ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG); + + // Reset link and db here, close database first + SQL_CLOSE($link, __FILE__, __LINE__); + $link = false; $db = false; } // Free memory diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index e4bcad187c..723f61ecb6 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -32,8 +32,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -73,6 +72,7 @@ function ADD_MODULE_TITLE($mod) { } return $name; } + // Check validity of a given module name (no file extension) function CHECK_MODULE($mod) { // We need them now here... @@ -187,9 +187,9 @@ function CHECK_MODULE($mod) { // Return the value return $ret; } + // Add menu description pending on given file name (without path!) -function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) -{ +function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { global $DEPTH, $_CONFIG; $LINK_ADD = ""; $OUT = ""; $AND = ""; // First we have to do some analysis... @@ -251,12 +251,16 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) if (!$return) $DEPTH++; $prefix = ""; } + $prefix .= " -> "; + if (ereg(".php", $search)) { $search = substr($search, 0, strpos($search, ".php")); } + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1", array($ACC_LVL, $type, $search), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { list($ret) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -287,22 +291,28 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) // function ADD_MENU($MODE, $act, $wht) { global $_CONFIG; + + // Init some variables + $main_cnt = 0; + $AND = ""; + $main_action = ""; + $sub_what = ""; + if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID; - $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = ""; - if (!IS_ADMIN()) - { + + // Non-admin shall not see all menus + if (!IS_ADMIN()) { $AND = "AND visible='Y' AND locked='N'"; } + // Load SQL data and add the menu to the output stream... $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort", array($MODE), __FILE__, __LINE__); //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; - if (SQL_NUMROWS($result_main) > 0) - { + if (SQL_NUMROWS($result_main) > 0) { OUTPUT_HTML(""); // There are menus available, so we simply display them... :) - while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) - { + while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) { //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; // Load menu header template $BLOCK_MODE = false; $act = $main_action; @@ -311,11 +321,10 @@ function ADD_MENU($MODE, $act, $wht) { $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort", array($MODE, $main_action), __FILE__, __LINE__); $ctl = SQL_NUMROWS($result_sub); - if ($ctl > 0) - { + if ($ctl > 0) { $cnt=0; - while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) - { + while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) { + // Init content $content = ""; // Full file name for checking menu @@ -390,7 +399,9 @@ function IS_ADMIN($admin="") // If admin login is not given take current from cookies... if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { - $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5'); + // Get admin login and password from session/cookies + $admin = SQL_ESCAPE(get_session('admin_login')); + $passCookie = SQL_ESCAPE(get_session('admin_md5')); } //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; @@ -411,6 +422,8 @@ function IS_ADMIN($admin="") if (SQL_NUMROWS($result) == 1) { // Admin login was found so let's load password from DB list($passDB) = SQL_FETCHROW($result); + + // Generate password hash $valPass = generatePassString($passDB); } @@ -420,8 +433,8 @@ function IS_ADMIN($admin="") if (!empty($valPass)) { // Check if password is valid - //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*
"; - $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); + //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*
\n"; + $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); } // Return result of comparision -- 2.39.2 From dea8e9bedeb3657454acd3f8ebb48c75dbe1bc2d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 16 May 2008 21:58:47 +0000 Subject: [PATCH 14/16] Writing of .htaccess no longer needed --- inc/extensions/ext-sql_patches.php | 9 +- inc/gen_sql_patches.php | 142 +++++++++++++--------------- inc/modules/admin/action-logout.php | 11 +-- inc/modules/admin/admin-inc.php | 2 +- 4 files changed, 72 insertions(+), 92 deletions(-) diff --git a/inc/extensions/ext-sql_patches.php b/inc/extensions/ext-sql_patches.php index 08c7bf96d9..3cb088c025 100644 --- a/inc/extensions/ext-sql_patches.php +++ b/inc/extensions/ext-sql_patches.php @@ -32,8 +32,7 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF']))) -{ +if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF']))) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -568,13 +567,11 @@ default: // Do stuff when extension is loaded $_CONFIG['show_timings'] = $dummy['show_timings']; // Read key from secret file - if ((empty($_CONFIG['file_hash'])) || (empty($_CONFIG['master_salt'])) || (empty($_CONFIG['pass_scramble']))) - { + if ((empty($_CONFIG['file_hash'])) || (empty($_CONFIG['master_salt'])) || (empty($_CONFIG['pass_scramble']))) { // Maybe need setup of secret key! require_once(PATH."inc/gen_sql_patches.php"); - if (GET_EXT_VERSION("cache") >= "0.1.2") - { + if (GET_EXT_VERSION("cache") >= "0.1.2") { // Remove extensions and mod_reg cache file require_once(PATH."inc/libs/cache_functions.php"); require_once(PATH."inc/extensions/ext-cache.php"); diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php index 2e59c8da53..61eebc187f 100644 --- a/inc/gen_sql_patches.php +++ b/inc/gen_sql_patches.php @@ -32,94 +32,82 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; - require($INC); +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { + $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; + require($INC); } // Check for version of sql_patches if (GET_EXT_VERSION("sql_patches") < "0.3.6") return false; // Check if there is no scrambling string -if (empty($_CONFIG['pass_scramble'])) -{ - // Generate 40 chars long scramble string - $scrambleString = genScrambleString(40); - - // ... and store it there for future usage - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET pass_scramble='%s' WHERE config=0 LIMIT 1", - array($scrambleString), __FILE__, __LINE__); - - // Also remember it in config - $_CONFIG['pass_scramble'] = $scrambleString; - unset($scrambleString); +if (empty($_CONFIG['pass_scramble'])) { + // Generate 40 chars long scramble string + $scrambleString = genScrambleString(40); + + // ... and store it there for future usage + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET pass_scramble='%s' WHERE config=0 LIMIT 1", + array($scrambleString), __FILE__, __LINE__); + + // Also remember it in config + $_CONFIG['pass_scramble'] = $scrambleString; + unset($scrambleString); } // Check if there is no master salt string -if (empty($_CONFIG['master_salt'])) -{ - // Generate the master salt which is the first chars minus 40 chars of this random hash - // We do an extra scrambling here... - $masterSalt = scrambleString(substr(generateHash(GEN_PASS(rand(128, 256))), 0, -40)); - - // ... and store it there for future usage - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET master_salt='%s' WHERE config=0 LIMIT 1", - array($masterSalt), __FILE__, __LINE__); - - // Also remember it in config - $_CONFIG['master_salt'] = $masterSalt; - unset($masterSalt); +if (empty($_CONFIG['master_salt'])) { + // Generate the master salt which is the first chars minus 40 chars of this random hash + // We do an extra scrambling here... + $masterSalt = scrambleString(substr(generateHash(GEN_PASS(rand(128, 256))), 0, -40)); + + // ... and store it there for future usage + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET master_salt='%s' WHERE config=0 LIMIT 1", + array($masterSalt), __FILE__, __LINE__); + + // Also remember it in config + $_CONFIG['master_salt'] = $masterSalt; + unset($masterSalt); } -if (empty($_CONFIG['file_hash'])) -{ - // Create filename from hashed random string - $file_hash = generateHash(GEN_PASS(rand(128, 256))); - $file = PATH."inc/.secret/.".$file_hash; - - // File hash was never created - $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!"); - if ($fp != false) - { - // Could write to secret file! So let's generate the secret key... - // 1. Count of chars to be taken from back of the string - $nums = rand(40, 45); - // 2. Generate secret key from a randomized string - $secretKey = substr(generateHash(GEN_PASS(rand(128, 256))), -$nums); - // 3. Write the key to the file - fwrite($fp, $secretKey); - // 4. Close file - fclose($fp); - - // Change access rights for more security - @chmod($file, 0644); - - //* DEBUG: */ unlink($file); - //* DEBUG: */ $test = hexdec(get_session('u_hash')) / hexdec($secretKey); - //* DEBUG: */ $test = generateHash(str_replace('.', "", $test)); - //* DEBUG: */ die("Secret-Key: ".$secretKey."
Cookie: ".get_session('u_hash')."
Test: ".$test); - - // Write $file_hash to database - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config=0 LIMIT 1", - array($file_hash), __FILE__, __LINE__); - - // Also create .htaccess file - $fp = @fopen(PATH."inc/.secret/.htaccess", 'w') or mxchange_die("Cannot write to .htaccess file!"); - if ($fp != false) - { - // Add deny line to file - fwrite($fp, "Deny from all"); - - // Close the file - fclose($fp); - } - - // Also update configuration - $_CONFIG['secret_key'] = $secretKey; unset($secretKey); - $_CONFIG['file_hash'] = $file_hash; unset($file_hash); - } +if (empty($_CONFIG['file_hash'])) { + // Create filename from hashed random string + $file_hash = generateHash(GEN_PASS(rand(128, 256))); + $file = PATH."inc/.secret/.".$file_hash; + + // File hash was never created + $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!"); + if ($fp != false) { + // Could write to secret file! So let's generate the secret key... + // 1. Count of chars to be taken from back of the string + $nums = rand(40, 45); + // 2. Generate secret key from a randomized string + $secretKey = substr(generateHash(GEN_PASS(rand(128, 256))), -$nums); + // 3. Write the key to the file + fwrite($fp, $secretKey); + // 4. Close file + fclose($fp); + + // Change access rights for more security + @chmod($file, 0644); + + //* DEBUG: */ unlink($file); + //* DEBUG: */ $test = hexdec(get_session('u_hash')) / hexdec($secretKey); + //* DEBUG: */ $test = generateHash(str_replace('.', "", $test)); + //* DEBUG: */ die("Secret-Key: ".$secretKey."
Cookie: ".get_session('u_hash')."
Test: ".$test); + + // Write $file_hash to database + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config=0 LIMIT 1", + array($file_hash), __FILE__, __LINE__); + + // Also update configuration + $_CONFIG['secret_key'] = $secretKey; + $_CONFIG['file_hash'] = $file_hash; + + // And remove some variables + unset($secretKey); + unset($file_hash); + } } // -?> \ No newline at end of file +?> diff --git a/inc/modules/admin/action-logout.php b/inc/modules/admin/action-logout.php index c10b309168..56272aba32 100644 --- a/inc/modules/admin/action-logout.php +++ b/inc/modules/admin/action-logout.php @@ -42,18 +42,13 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); OUTPUT_HTML("

"); -if (!empty($_POST['no'])) -{ +if (!empty($_POST['no'])) { // Do not logout now LOAD_URL("modules.php?module=admin"); -} - elseif ((!empty($_POST['yes'])) && ($GLOBALS['action'] == "logout")) -{ +} elseif ((!empty($_POST['yes'])) && ($GLOBALS['action'] == "logout")) { // Redirect to logout link LOAD_URL("modules.php?module=admin&logout=1"); -} - else -{ +} else { // Load logout form template LOAD_TEMPLATE("admin_logout_form"); } diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 8f4623b052..ed245b5394 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -140,7 +140,7 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { SQL_FREERESULT($result); } - //* DEBUG: */ echo __FUNCTION__.":".$pass."/".$password."
"; + //* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")
\n"; // Check if password matches if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { -- 2.39.2 From c70787131af24666b1f337804d0fd17f0c33cc27 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 16 May 2008 22:08:15 +0000 Subject: [PATCH 15/16] Empty CSS files removed, template fixed --- .gitattributes | 4 --- templates/de/html/admin/admin_reg_form.tpl | 36 ++++++++++++---------- theme/business/css/nickname.css | 0 theme/business/css/task.css | 0 theme/default/css/nickname.css | 0 theme/default/css/task.css | 0 6 files changed, 19 insertions(+), 21 deletions(-) delete mode 100644 theme/business/css/nickname.css delete mode 100644 theme/business/css/task.css delete mode 100644 theme/default/css/nickname.css delete mode 100644 theme/default/css/task.css diff --git a/.gitattributes b/.gitattributes index c357fa761c..ea4f571d16 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1190,9 +1190,7 @@ theme/business/css/bonus.css -text theme/business/css/doubler.css -text theme/business/css/general.css -text theme/business/css/install.css -text -theme/business/css/nickname.css -text theme/business/css/register.css -text -theme/business/css/task.css -text theme/business/css/top10.css -text theme/business/css/transfer.css -text theme/business/images/code_bg.jpg -text @@ -1204,9 +1202,7 @@ theme/default/css/bonus.css -text theme/default/css/doubler.css -text theme/default/css/general.css -text theme/default/css/install.css -text -theme/default/css/nickname.css -text theme/default/css/register.css -text -theme/default/css/task.css -text theme/default/css/top10.css -text theme/default/css/transfer.css -text theme/default/images/code_bg.jpg -text diff --git a/templates/de/html/admin/admin_reg_form.tpl b/templates/de/html/admin/admin_reg_form.tpl index 39b0ef591d..41599e91c9 100644 --- a/templates/de/html/admin/admin_reg_form.tpl +++ b/templates/de/html/admin/admin_reg_form.tpl @@ -1,11 +1,10 @@ -
-
- -
{--ADMIN_NOT_REGISTERED--}
-
+
+ + + + @@ -13,8 +12,9 @@ - + {!__MSG_LOGIN!} @@ -22,21 +22,23 @@ - + {!__MSG_PASS!} - +
+ {--ADMIN_NOT_REGISTERED--}
+
{--ADMIN_REGISTER_NOW--}
{--ADMIN_LOGIN--}:   + +
{--ADMIN_PASS--}:   + +
 
 * - +  * + +
 
- \ No newline at end of file + +
diff --git a/theme/business/css/nickname.css b/theme/business/css/nickname.css deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/theme/business/css/task.css b/theme/business/css/task.css deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/theme/default/css/nickname.css b/theme/default/css/nickname.css deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/theme/default/css/task.css b/theme/default/css/task.css deleted file mode 100644 index e69de29bb2..0000000000 -- 2.39.2 From 3e077cc4c838b433c321a21ced20f02f023f3b80 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 16 May 2008 22:12:08 +0000 Subject: [PATCH 16/16] Redirect fixed... *sigh* admin.php is a redirector itself. --- inc/modules/admin/what-extensions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index ce97012cdd..b761a95fff 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -308,7 +308,7 @@ case "register": // Register new extension // Is this sql_patches? Then we need to auto-logout! if ($ext_name == "sql_patches") { // Auto-logout here - LOAD_URL("admin.php?module=admin&logout=1&sql_patches=1"); + LOAD_URL("modules.php?module=admin&logout=1&sql_patches=1"); } // Extension was found and successfully registered -- 2.39.2